Justice Department indicts Iranian nationals for extorting more than $6M from victims across North America

Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are alleged to have hijacked and shut down victims’ computer systems until the victims paid a ransom. (FBI)

The Department of Justice has indicted two Iranian nationals for a three-year, multimillion-dollar cybercrime and extortion scheme which involved hacking into the computer networks of U.S. businesses and local municipalities.

An indictment unsealed in New Jersey on Wednesday alleges Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi hijacked victims’ computer systems and shut them down until the victims paid a ransom. The indictment further says the defendants collected “more than $6 million in extortion payments and caused more than $30 million in losses.”

The six-count indictment alleges that, while in Iran, Savandi and Mansouri used malware known as “SamSam Ransomware,” which is capable of forcibly encrypting data on victims’ computers. The indictment alleges that, beginning in December 2015, Savandi and Mansouri hacked into victims’ computers through security weaknesses.

Department of Justice officials say the two hackers do not have any official connection to the Iranian regime.

According to the indictment, the victims numbered over 200 and included hospitals, municipalities and public institutions, among them: the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital, now known as OrthoNebraska Hospital, in Omaha, Nebraska; and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

Department of Justice officials refused to answer questions about whether those municipalities had used taxpayer money to pay ransom demands in order to regain control of their computer networks.

“They were, over time, able to perfect their art,” said Craig Carpentino, the U.S. Attorney for New Jersey. “They got better at this every day.”

While it’s clear that many of the victims did pay a ransom to regain control of their data, FBI Executive Assistant Director Amy Hess encourages victims not to pay.

“Clearly they have a lot at stake but we encourage them not to pay,” Hess said, adding, “It encourages others” to try the same kind of scheme.

Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit fraud. However, it is unclear if they will ever see the inside of an American courtroom since the U.S. has no extradition treaty with Iran.